Debian's system does not require developers to maintain older versions, only to clearly indicate security fixes. Debian patches its own older versions to include the security fixes.
> I understand that, but it means that Debian inevitably distributes buggy software in a supposedly 'stable' distribution.
Bugs are a matter of perspective. If alleged bugfixes actually make you modify your currently working setup, then I don't consider that much of an actual bugfix, just something that makes me do work for no real benefit:
I like Debian stable. Two years is an entirely reasonable amount of time to be able to have most software in my OS immutable except for security fixes. For the tiny amount of software for which I may want the bleeding edge, there are language-specific "package" "managers" (lol npm) or I can just backport the software myself.
Many people are unhappy about living with old bugs or missing features for years, even if you are not. And as a result we get a proliferation of many different update mechanisms on the same system. Some of them interactive and unscriptable. Some less than secure. This is not an ideal situation by any stretch.
It's not a huge problem either as long as Linux is used almost exclusively by professionals and mostly on servers.
You know what people really hate? Change. Ask around how many people like it when Facebook changes its UI. Most don't. Sure, if there's a bug people hate living with the bug, but people really hate change even more.
I agree with you that this is a very strong sentiment. People don't want everything to change all the time underneath them, especially not the UI.
But freezing everything for years puts too many people in a situation where they just have to upgrade for one reason or another. It's not always their choice and it's rarely a desire for change that makes them do it.